From owner-freebsd-security  Wed Jan 26 22:30: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 79EB914D06
	for <security@freebsd.org>; Wed, 26 Jan 2000 22:29:57 -0800 (PST)
	(envelope-from sheldonh@axl.noc.iafrica.com)
Received: from sheldonh (helo=axl.noc.iafrica.com)
	by axl.noc.iafrica.com with local-esmtp (Exim 3.11 #1)
	id 12DiQA-0000PO-00; Thu, 27 Jan 2000 08:28:46 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Todd Backman <todd@flyingcroc.net>
Cc: Bill Swingle <unfurl@dub.net>, security@FreeBSD.ORG
Subject: Re: root authorized_keys ignore? 
In-reply-to: Your message of "Wed, 26 Jan 2000 12:08:34 PST."
             <Pine.BSF.4.10.10001261202430.58696-100000@security1.noc.flyingcroc.net> 
Date: Thu, 27 Jan 2000 08:28:44 +0200
Message-ID: <1573.948954524@axl.noc.iafrica.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Wed, 26 Jan 2000 12:08:34 PST, Todd Backman wrote:

> just the use of authorized_keys... just want to combat the
> "lazy-admin-syndrome" ;^)

Actually, it looks like you're trying to work around existing laziness,
rather than stomp on it.  So far, all the suggestions I've seen offered
in public are not fool-proof. :-)

Just disable root logins with ssh altogether and have your admins log in
with user accounts and su to root.

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message